EUVD-2018-2540

Malware in sbrugna...

New transferFlaw Bug Used For Possible Scam Token Listed In A Top Exchange(CVE-2018-10468)

Our automated scanning system at PeckShield discovered a new vulnerability named transferFlaw CVE-2018–10468. This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. Different from batchOverflow 1 and proxyOverflow 2 we identified before, this vulnerability...

CVE-2018-10468

The transferFrom function of a smart contract implementation for Useless Ethereum Token UET, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer all victims' balances into their account because certain computations involving value are incorrect, as exploited in the wild...

Code injection

The transferFrom function of a smart contract implementation for Useless Ethereum Token UET, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer all victims' balances into their account because certain computations involving value are incorrect, as exploited in the wild...

CVE-2018-10468

CVE-2018-10468 affects the Useless Ethereum Token (UET) ERC20 contract. The transferFrom function mishandles calculations involving _value, enabling an attacker to steal funds (e.g., drain victims’ balances). Exploitation has been observed in the wild since 2017-12. Related tokens (e.g., DimonCoi...